01-29-2025 03:25 PM
Hello everyone,
We have been using the SAML module for SSO with Entra ID, and it has worked well for our customer solution, which supports over 6,000 active users. However, as we upgrade to ACS 23.3, we need to transition to Keycloak for SAML SSO.
Although the SAML module is deprecated, it has been stable in our environment. We are a bit concerned about the Alfresco/Keycloak setup since we haven't found any references from Alfresco regarding large-scale installations using Keycloak for SAML SSO.
I’d like to ask if anyone in the group has experience with a production deployment involving thousands of users using Alfresco with Keycloak and Entra ID for SAML SSO. Any insights or best practices would be greatly appreciated!
Thanks in advance.
01-30-2026 11:06 AM
Hi Rajesh,
We deployed Alfresco 23.x with about 4,000 active users, integrated with Keycloak SSO (including Share). We followed the official documentation, and everything worked smoothly.
The only issue we encountered was that some users still had an active Share UI session, but their ACS token had already expired. In those cases, they were unable to continue using the UI. We resolved this by lowering the session refresh interval in Keycloak to 30 minutes.
Since then, everything has been running smoothly, and our users are happy.